This policy may change at any time to reflect any changes to privacy practices in accordance with changes to legislation, You should check this page on a regular basis to ensure that you are happy with any changes. This policy is effective from 20 october 2020
Information I Collect
To fulfil your order, you must provide me with certain information such as name, email address, postal address, (I use paypal to process your payment, paypal do not provide me with your financial details but I do have to keep a record of the paypal payments I receive) and the details of the product that you are ordering. You may also choose to provide me with additional personal information (for example for a custom order)
The legal bases I rely on to collect, use, and share personal information
Why I Need Your Information and How I Use It
I rely on a number of legal bases to collect, use, and share your information, including:
as needed to provide my services, such as when I use your information to:
Fulfil your order, to settle disputes, or to provide customer support,internal record keeping,
processing orders and enquiries.
Providing you with information about products and services (if you agree to receive such information) and when you have provided your affirmative consent, which you may revoke at any time, such as by signing up for a mailing list.
If necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law; and
as necessary for the purpose of my legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as providing and improving my services or if I use your information to provide the services you requested and in my legitimate interest to improve my services
The third parties with whom I share personal information
The GDPR requires that I disclose the details of any personal information I share with third parties.
I would share your information with the Royal Mail for the purpose of sending your package and etsy for processing your payments. The information shared with the Royal Mail would be your name and delivery address. I may also be required to share your information with etsy but only in cases where required to do so by law or to resolve disputes. Paypal do not share your financial details with me.
Please see further details below regarding sharing and disclosure.
Information Sharing and Disclosure
Information about my customers is important to my business. I share your personal information for very limited reasons and in limited circumstances, as follows:
Third Party Service providers but only to the extent necessary to perform the services required to fulfil your order and process your payments. I engage Royal Mail, and paypal as trusted third parties to perform functions and provide services. I will share your name and address with the Royal mail for the purpose of delivering your order. etsy do not share your financial details with me and the only reason I would share your information with paypal would be to settle disputes or if required to do so by law.
The length of time I keep personal information
The GDPR requires that I disclose the period of time during which I will store personal information.
I retain your personal information only for as long as necessary to provide you with my services and as long as required to retain this information to comply with my legal and regulatory obligations, to resolve disputes, and to enforce my agreements. For tax purposes and to comply with any legal or tax obligations I am required to keep a record of your order for 5 years. Such an order would include your name,address and any other details you provide to process the order. I do not store financial information as I use paypal to process your payment. The information I am required by law and tax obligations to retain is stored in a secure office in the U.K and backed up in google cloud.
GDPR requires that I disclose if I transfer personal information outside of the EU and the legal bases I rely on to do so, such as consent and contractual necessity.
I use Google Cloud as a back up system for my accounts which is Privacy Shield certified, therefore I rely on Privacy Shield as the legal bases for the transfer of my buyers personal information outside of the EU.
I may store and process your information through third-party hosting services in the US or other jurisdictions. As a result, I may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction. If I am deemed to transfer information about you outside of the EU, I use Google Cloud which is Privacy Shield certified.
Based on GDPR requirements, please read the following regarding your rights regarding the information you provide to me via this website. You can also read about your rights on the third party websites etsy and royal mail. I have provided my contact details if you require further information and I have explained more about your rights below.
If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. I describe these rights below:
Access. You may have the right to access and receive a copy of the personal information I hold about you by contacting me using the contact information below.
Change, restrict, delete. You may also have rights to change, restrict my use of, or delete your personal information, unless there are exceptional circumstances (like where I am required to store data for legal reasons) I will generally delete your personal information upon request.
Object. You can object to (i) my processing of some of your information based on my legitimate interests and (ii) receiving marketing messages from me after providing your express consent to receive them. In such cases, I will delete your personal information unless I have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
Complain. If you reside in the EU and wish to raise a concern about my use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.
How to Contact Me
For purposes of EU data protection law, I, Lou Louise am the data controller of your personal information. If you have any questions or concerns, you may contact me using the form below